(a) Field of the Invention
The present invention relates to a method for transmitting security context for handover in a portable Internet system, and more particularly, the present invention relates to a method for transmitting a security-related context so as to provide a security-related reestablishment between a mobile terminal and another base station when the mobile terminal performs a handover with the other base station in a portable Internet network.
(b) Description of the Related Art
An AP (access point) as a base station apparatus of a portable Internet system performs a wireless access function with an AT (access terminal) as a mobile terminal, and the AP performs an IP (Internet protocol)-based wire access function with a PAR (packet access router).
The PAR is connected to the AP and functions as an IP router, and also performs a function for controlling signal processes such as service access and handover. In addition, the PAR performs client functions such as user authentication and mobile IP registration.
The portable Internet system is increasingly required to allow the AT to continue using an Internet service even after performing a handover. Handover is the function by which an AT that is using a service is automatically synchronized to a new channel and maintains its service state when it leaves the present service area and moves to another service area.
Accordingly, a method for transmitting handover-related information is desired such that the AT may continuously use an Internet service after performing a handover.
Meanwhile, the portable Internet network may largely use two types of keys for security. One key is used for security of control messages, and the other key is used for traffic encryption and traffic decryption.
A key for signal message security is called an AK (authentication key). When the AT is authenticated using EAP (extensible authentication protocol), the AK is generated using a key value allocated by an authentication, authorization, and accounting (AAA) server and the generated AK is used between the corresponding AT and AP.
The system that generates such an AK may be the AP or the PAR. That is, the AAA key is required in order to generate an AK between the AT and the AP. The AT may know the AAA key during a session connection, but a new AP to which the AT performs a handover may not know the AAA key. Accordingly, a method for transmitting the AAA key to the corresponding new AP must be defined.
In addition, the traffic security-related keys may include a TEK (traffic encryption key) used for unicast traffic, a GTEK (group TEK) used for multicast traffic, and an MGTEK (MBS group traffic encryption key) used for MBS (multicast and broadcast service) traffic.
All the traffic-related keys may be generated and managed by the AP. The traffic key used by the previous AP may continue to be used between the new AP and the AT, or a new key may be allocated by the new AP. In both cases, the previous AP must transmit the traffic-related keys to the new AP.
In addition, security-related (security association) information between the AT and the AP, AT-security capability information, or the like must be transmitted to the new AP.